I get the first feedback from Apache users that want their http: only hosts to 
also serve https:. This is nice feedback to improve usability of mod_md. 

Ideally, what these people want - and that is purely my interpretation - is to 
add a few lines to their config and  - voila - https: is available. And, 
honestly, why should they not expect that?



Example: Duplication/Redirect

They have something like:
----------------------------------
Listen 80
<VirtualHost *:80>
  ServerName xxx.yyy
  ...
</VirtualHost>
----------------------------------

and want to also make that available on https:
----------------------------------
Listen http://*:80
Listen https://*:443

<VirtualHost *:80>
  ServerName xxx.yyy
  AlternatePorts 443
  ...
</VirtualHost>
----------------------------------

or redirect everyone to https:
----------------------------------
Listen http://*:80
Listen https://*:443

<VirtualHost *:443>
  ServerName xxx.yyy
  RedirectPermanentFrom 80
  ...
</VirtualHost>
----------------------------------

I am not hooked on the names, but I hope you understand the intent? Anyone with 
me on this?

Cheers,

Stefan


> Am 10.08.2017 um 16:19 schrieb Stefan Eissing <stefan.eiss...@greenbytes.de>:
> 
>> Am 10.08.2017 um 16:09 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
>> 
>> Let's break it down and consider the implications of Listen...
>> 
>> On Thu, Aug 10, 2017 at 8:28 AM, Stefan Eissing
>> <stefan.eiss...@greenbytes.de> wrote:
>>> Now that mod_md has landed in trunk, I am looking at more ways
>>> to simplify a SSL configuration. Looking at the Listen directive,
>>> it has an optional 2nd protocol parameter.
>>> 
>>> Would it be unreasonable to assume that a
>>>   Listen NNN https
>>> 
>>> means that "SSLEngine on" should be the default in all
>>>   <VirtualHost *:NNN>
>>>      ServerName xxx.yyy
>>>      ...
>>>   </VirtualHost>
>>> 
>>> sections?
>> 
>> Firstly, we have well understood protocols definitions, so there
>> are several shorthand flavors that could be introduced;
>> 
>> Listen https
>> 
>> has a very plain and obvious meaning. Thus, so would these;
>> 
>> Listen https://192.168.1.1
>> Listen https://xxx.yyy
>> Listen https://192.168.1.1:8443
>> Listen https://xxx.yyy:8443
> 
> I like this.



Coming back to this. If we - optionally - would support this in the 'Listen' 
directive

Reply via email to